UNPKG

payload

Version:

Node, React, Headless CMS and Application Framework built on Next.js

payloadcms.com

payloadcms/payload

51 lines (50 loc) 1.5 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
import { executeAccess } from '../auth/executeAccess.js'; import { Forbidden } from '../errors/Forbidden.js'; export const checkFileAccess = async ({ collection, filename, req })=>{ if (filename.includes('../') || filename.includes('..\\')) { throw new Forbidden(req.t); } const { config } = collection; const accessResult = await executeAccess({ data: { filename }, isReadingStaticFile: true, req }, config.access.read); if (typeof accessResult === 'object') { const queryToBuild = { and: [ { or: [ { filename: { equals: filename } } ] }, accessResult ] }; if (config.upload.imageSizes) { config.upload.imageSizes.forEach(({ name })=>{ queryToBuild.and?.[0]?.or?.push({ [`sizes.${name}.filename`]: { equals: filename } }); }); } const doc = await req.payload.db.findOne({ collection: config.slug, req, where: queryToBuild }); if (!doc) { throw new Forbidden(req.t); } return doc; } }; //# sourceMappingURL=checkFileAccess.js.map